Charmed Kubernetes Bundles

SECURITY: update ingress-nginx to 0.45.0

Bug #1925371 reported by Kevin W Monroe
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Charmed Kubernetes Bundles
Fix Released
High
Kevin W Monroe
Charmed Kubernetes Bundles 1.21+ck1
Kubernetes Worker Charm
Fix Released
High
Kevin W Monroe
Kubernetes Worker Charm 1.21+ck1

Bug Description

Per https://ubuntu.com/security/CVE-2021-3449, we have an openssl issue that affects ingress-nginx < 0.45.0. Upstream has released a fix:

https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v0.45.0

We'll need to get this image into rocks and change the default k8s-worker to use it.

See original description
Kevin W Monroe (kwmonroe)
Changed in charmed-kubernetes-bundles:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Kevin W Monroe (kwmonroe)
milestone: none → 1.21+ck1
Changed in charm-kubernetes-worker:
status: New → In Progress
importance: Undecided → High
assignee: nobody → Kevin W Monroe (kwmonroe)
milestone: none → 1.21+ck1
Kevin W Monroe (kwmonroe)
description: updated
Revision history for this message
Kevin W Monroe (kwmonroe) wrote :

Bundle PR that will land 0.45.0 in rocks:

https://github.com/charmed-kubernetes/bundle/pull/798

tags: added: review-needed
Kevin W Monroe (kwmonroe)
Changed in charmed-kubernetes-bundles:
status: In Progress → Fix Committed
Revision history for this message
Kevin W Monroe (kwmonroe) wrote :

K8s-worker PR:

https://github.com/charmed-kubernetes/charm-kubernetes-worker/pull/86

This is g2g now that that rocks is hosting v0.45.0:

https://rocks.canonical.com/v2/cdk/k8s-artifacts-prod/ingress-nginx/controller/tags/list

tags: added: backport-needed
Kevin W Monroe (kwmonroe)
Changed in charm-kubernetes-worker:
status: In Progress → Fix Committed
tags: removed: review-needed
Revision history for this message
Kevin W Monroe (kwmonroe) wrote :

CK 1.21+ck1 will include this fix by default. Prior to that release, clients can run the following to ensure ingress-nginx is updated with:

juju config kubernetes-worker nginx-image=rocks.canonical.com/cdk/k8s-artifacts-prod/ingress-nginx/controller:v0.45.0

Revision history for this message
George Kraft (cynerva) wrote :

Cherry-pick to stable branches:

https://github.com/charmed-kubernetes/charm-kubernetes-worker/commit/39ba9cb410333cb3b5693e83407a865fef96e45f

https://github.com/charmed-kubernetes/bundle/commit/4215586f1e3040cee1b1d0a3320b943277ce01f3

tags: removed: backport-needed
Chris Sanders (chris.sanders)
Changed in charmed-kubernetes-bundles:
status: Fix Committed → Fix Released
Changed in charm-kubernetes-worker:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.